Overview

overview

7

Static

static

3

d494371bfa...fa.exe

windows7-x64

7

d494371bfa...fa.exe

windows10-2004-x64

7

$PLUGINSDI...nt.exe

windows7-x64

1

$PLUGINSDI...nt.exe

windows10-2004-x64

1

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

1

$PLUGINSDI...up.exe

windows10-2004-x64

1

$PLUGINSDI...up.exe

windows7-x64

1

$PLUGINSDI...up.exe

windows10-2004-x64

1

$PLUGINSDI...32.exe

windows7-x64

1

$PLUGINSDI...32.exe

windows10-2004-x64

1

$SYSDIR/COMCAT.dll

windows7-x64

1

$SYSDIR/COMCAT.dll

windows10-2004-x64

1

$SYSDIR/INETKO.dll

windows7-x64

1

$SYSDIR/INETKO.dll

windows10-2004-x64

1

$SYSDIR/MSCMCKO.dll

windows7-x64

1

$SYSDIR/MSCMCKO.dll

windows10-2004-x64

1

$SYSDIR/MSCOMCTL.dll

windows7-x64

1

$SYSDIR/MSCOMCTL.dll

windows10-2004-x64

1

$SYSDIR/MSINET.dll

windows7-x64

1

$SYSDIR/MSINET.dll

windows10-2004-x64

1

$SYSDIR/MSPRPKO.dll

windows7-x64

1

$SYSDIR/MSPRPKO.dll

windows10-2004-x64

1

$SYSDIR/MSSTKPRP.dll

windows7-x64

1

$SYSDIR/MSSTKPRP.dll

windows10-2004-x64

1

$SYSDIR/VB6KO.dll

windows7-x64

1

$SYSDIR/VB6KO.dll

windows10-2004-x64

1

$SYSDIR/asycfilt.dll

windows7-x64

1

$SYSDIR/asycfilt.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/03/2024, 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d494371bfa020427ec0aef15427a95fa.exe

  • Size

    2.0MB

  • MD5

    d494371bfa020427ec0aef15427a95fa

  • SHA1

    b895c3c8b21f33e35d231b7b29f964ad95990600

  • SHA256

    96820541e563ae6bd9e97a0ec95bcbc5e2044dc89574d3c8d0b7b40edc276222

  • SHA512

    9007ec557067f5b7e67bae8acdcc12bc0307f40327df8a2c05743a4592ec94c6531a4331e2798d595eb6874195ed8e4d00c8fe9992658d1d993d8315fbb0f92b

  • SSDEEP

    49152:LJYw9TFXwDUCH4Bt8uTRJiO9r8HxFAzzCQe7:T95wYCAJiO9at7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d494371bfa020427ec0aef15427a95fa.exe
    "C:\Users\Admin\AppData\Local\Temp\d494371bfa020427ec0aef15427a95fa.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd13C0.tmp\ioSpecial.ini
    Filesize

    672B

    MD5

    771a1543b55f8021407aac77b21b80f2

    SHA1

    248ab94668e6d29d53b4276e34216d3b8f3788bc

    SHA256

    f024665c604e57d1226f013c1d51003a27d4cd4a8fe632a5a230a4c5e090f5d5

    SHA512

    f5dd7ac5bfba9f410a486ec2865742c6fbdca701d8db7883e7db5c8f43af6d4ea55b8a045a9ecdb12503da12fa06e30a934e6b96fddf81e89d8e2855776459b3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd13C0.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    Download Submit